Overview

overview

10

Static

static

6

48bc5e8f77...fd.apk

android-9-x86

10

48bc5e8f77...fd.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    09-12-2024 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48bc5e8f778f01f8b1bd5c6bf034d4c50675c98318af50ecb852f7d8e078c9fd.apk

  • Size

    2.1MB

  • MD5

    bcbbc445f93288c19ee9168e803b9fca

  • SHA1

    4f46109b43f033cdafa44a8fb79c77c94385a01b

  • SHA256

    48bc5e8f778f01f8b1bd5c6bf034d4c50675c98318af50ecb852f7d8e078c9fd

  • SHA512

    b45d5fcb6ad893c75eb81b887e7409c38da50c7d602ab7ebb2f269f53bacfb33d9cda61d0eecead6cfbef24dbca982591d6f658f5340fe0c32e388b88587f382

  • SSDEEP

    49152:aRMHwtPg6fDR3cZWllX8L/MTrYwUYSSV9JDriLmUk97zC+su:a2HwtPg+DR3cZOqrirYwK2i6vr

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://oelikixanni14.live/MTU2OWE0NzJjNGY5/

https://r85d4kbe5729.vip/MTU2OWE0NzJjNGY5/
rc4.plain

Extracted

Family

octo

C2

https://oelikixanni14.live/MTU2OWE0NzJjNGY5/

https://r85d4kbe5729.vip/MTU2OWE0NzJjNGY5/
AES_key

Signatures

Processes

  • com.beenor9
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4586

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Access Notifications

1
T1517

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.beenor9/app_DynamicOptDex/qslSt.json
    Filesize

    1KB

    MD5

    e263fd0f2ef46826a192fbe917fec274

    SHA1

    80282e8a3d6536c8886e7e0ec127ba026359aba7

    SHA256

    50975688ddb8694cd892ffcb95a7136fdc579fb4ca3d83ae80ad6b16476ab92f

    SHA512

    dbabb1ecfc026d95fd8c7cd40f94fd7656a19ff30ae5cffdf4cbd9781e550128a13b4685167d0cace12268947e9896eda819b006706387a6cd9bc293da5477b8

    Download Submit

  • /data/user/0/com.beenor9/app_DynamicOptDex/qslSt.json
    Filesize

    1KB

    MD5

    9ef9efec94da15686f21b9e762448436

    SHA1

    0ab8258c19de715b99e397982da89e4c79389acf

    SHA256

    dce6560176580e23157648b4aa48a9fd0ebee192f0cb91bd11c112e8ef90a1d3

    SHA512

    c8ca0acc808d6df6b921b847a47ba6e05bc4de55bd26d3c8ddc5d70b26c10d0099ba72d48647ac7c498f2ad3d6764bb8099f0813085b89dd639f112f929c5718

    Download Submit

  • /data/user/0/com.beenor9/app_DynamicOptDex/qslSt.json
    Filesize

    2KB

    MD5

    5ce227788ace57daa5125c682d9abf36

    SHA1

    79d30d4ea7d18631f2bb3c0bce586b4535da518b

    SHA256

    7c1beae38eecd8c517813c8576336070dbbf41eb216f451d92868d61f82efe65

    SHA512

    774b9c574ee260f73cd72d615ff9f0667a25c0fdca91a6bd9c91a9c2bb4946e121edd4cf0591fbcd48f1ab32ae23b68adaf545e3f9b47b1adbd47fc9a1a0b1be

    Download Submit

  • /data/user/0/com.beenor9/cache/oat/udpoedrlmdg.cur.prof
    Filesize

    343B

    MD5

    94ccea83674f2ffd71d93a505cffa4f9

    SHA1

    5aa4d484103cda57d3f6a64c25767814254844b1

    SHA256

    9d3065d2fade1359763c623002d9f65dd8fa3f123c0660704b86ae8a2f136452

    SHA512

    62620beefdffda9bb7dab7b945af3188879260d36300b52507ea17a2da35383184b72171c5dd9ebde975dd1410da52fd927da7c53b5a02fa76f209f806b53667

    Download Submit

  • /data/user/0/com.beenor9/cache/udpoedrlmdg
    Filesize

    456KB

    MD5

    6354448ad1cc09668325701ddddac014

    SHA1

    dbfc987e0921dc0285e3f59798d379eb60bd2947

    SHA256

    0a11b12265b2ebfc042f4adf4cb85f9b80f3416be21d314e99ee6bcd52e3203e

    SHA512

    75ac094323ba576ae57cb67847f900af2b63420c4f6e27d4733230c52f5df6ae143c3bf1642fc09b9931d3ded17a83b57040cabd4ded7b95183274bac0f63661

    Download Submit

  • /data/user/0/com.beenor9/kl.txt
    Filesize

    466B

    MD5

    56c09d2bf717f86de02dabd20a1b785f

    SHA1

    3e87075ab26bb9383ca6403dde4fbfa2a8b23cad

    SHA256

    0e7968e7dfb0b81f7e7761785b8bc6352ecb0d209892c4de257254a590a41a34

    SHA512

    a32c692874ca20258c6ccf787bda8b368115cd9f4dfe668c048fcd44aad93bb20f764d2266b1184c33cbe33e604e1a083d1d5bbd4f1ec70ab2e47371d947a924

    Download Submit

  • /data/user/0/com.beenor9/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/user/0/com.beenor9/kl.txt
    Filesize

    230B

    MD5

    dfc981daf1a9b2aa9bd2b507481d8eb3

    SHA1

    e574b71c6d55de77fb5812d7eb2f4ba40aeaef2c

    SHA256

    67ce717761553d54a53f41d67aa7ee713ddf0c4530c25c69a28241cc338b0dcb

    SHA512

    cc9ba97de88f79e329c0b0b54698907cd6a5870feb48c026cb92a99bdc63a073d0db3bf28e488c2c750a3d781e45a17b1642073a5a2366306a39dd7d6db1d08b

    Download Submit

  • /data/user/0/com.beenor9/kl.txt
    Filesize

    63B

    MD5

    5521cd75586291a0c8a9b02a505d1781

    SHA1

    da73377db94bb7f4e971e9883b6a2736c8faba8a

    SHA256

    bc0472aff6fe8562a5e8ec478d2e8bb27e05d1defd18d12affdd26b5a141e067

    SHA512

    0f747adde826f564506e0fa5482d03616f5aa773bf6ecfe54581fed5fe526b01c1dae48f3ca93b70a3c5804056b78e6b241162f8939ecf3eb919064a135d702b

    Download Submit

  • /data/user/0/com.beenor9/kl.txt
    Filesize

    45B

    MD5

    712a23a069bb037d6ab4939430e590f1

    SHA1

    a87e79bd9f54df762b02d1997f605770faa68384

    SHA256

    0e629b83257c7add90156a01900a89c7f4caf000e8b5340a5d3c963e3be28203

    SHA512

    fc82c15a0f83408894c552b3cbe5ddb59097f05ebdfcacc30c972257fc541b5d61302f7f00192fbd24aab39bbef6e4a0ce77e75b1897aab179d4643e603d9dc7

    Download Submit